CVE-2025-12343

MEDIUM
Published February 18, 2026
CISO Take

CVE-2025-12343 is a medium-severity DoS vulnerability in FFmpeg's TensorFlow DNN backend affecting AI/ML media processing pipelines. The local attack vector and required user interaction significantly limit real-world exploitability, but automated media ingestion pipelines effectively eliminate the 'user interaction' barrier. Patch FFmpeg in any environment using TensorFlow-based DNN inference for video/audio processing, and validate that untrusted media files cannot reach FFmpeg's DNN backend directly.

Affected Systems

Package   Ecosystem   Vulnerable Range   Patched
ffmpeg    -           -                  No patch

Do you use ffmpeg? You're affected.

Severity & Risk

CVSS 3.1
5.5 / 10
EPSS
N/A
KEV Status
Not in KEV
Sophistication
Trivial

Recommended Action

  1. Inventory FFmpeg versions across AI/ML infrastructure, particularly in media preprocessing and computer vision pipelines.
  2. Apply available vendor patches from RedHat (CVE-2025-12343 advisory); monitor upstream FFmpeg for an official patched version.
  3. If patching is not immediately possible, disable FFmpeg's TensorFlow DNN backend (dnn_backend_tf) in non-essential workloads.
  4. Implement input validation and sandboxing for media files processed through FFmpeg: run FFmpeg in isolated containers with resource limits to contain crash impact.
  5. Add crash monitoring and alerting on FFmpeg processes in AI/ML pipelines (unexpected exits, OOM signals).
  6. In automated pipelines, enforce file-type and content validation upstream before DNN processing.
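The following is an added example (not FFmpeg project code and not part of the advisory) showing how steps 1, 3, 4 and 5 above can be implemented in a pipeline worker: it checks `ffmpeg -buildconf` output for FFmpeg's `--enable-libtensorflow` configure flag, runs a command under CPU and memory limits with a wall-clock timeout, and turns a signal-terminated exit into an alert record. The function names, the sample buildconf text and the ffmpeg command line are mine; it assumes a POSIX host (the `resource` module), and the self-tests use a Python child that aborts so the code can be exercised without FFmpeg installed.

```python
"""Guarded FFmpeg execution for AI/ML media pipelines.

Added example (not FFmpeg project code). Demonstrates: detecting whether a
build has the TensorFlow DNN backend compiled in, running FFmpeg under
CPU/memory limits and a timeout so a crash or hang stays contained, and
classifying the exit status so a signal-terminated worker raises an alert
instead of failing silently. Assumes a POSIX host (resource module).
"""
import resource
import signal
import subprocess
import sys

# FFmpeg's configure flag for the TensorFlow DNN backend.
TF_FLAG = "--enable-libtensorflow"

# Constructed sample of `ffmpeg -buildconf` output (not from a real build).
SAMPLE_BUILDCONF = """\
  configuration:
    --prefix=/usr
    --enable-gpl
    --enable-libtensorflow
    --enable-libx264
"""

# Signals that indicate memory corruption or an abort, as opposed to a
# policy kill such as SIGXCPU from the CPU cap or SIGKILL from the timeout.
CRASH_SIGNALS = {signal.SIGSEGV, signal.SIGABRT, signal.SIGBUS,
                 signal.SIGILL, signal.SIGFPE}


def tensorflow_backend_enabled(buildconf_text: str) -> bool:
    """True if the TensorFlow backend was compiled into this ffmpeg build."""
    return any(line.strip() == TF_FLAG for line in buildconf_text.splitlines())


def _cap(res, value):
    """Lower a resource limit to `value` without exceeding the hard limit."""
    _soft, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))


def _limits(cpu_seconds, mem_bytes):
    """Build the pre-exec hook that applies limits in the child process."""
    def pre_exec():
        _cap(resource.RLIMIT_CPU, cpu_seconds)
        if mem_bytes:
            _cap(resource.RLIMIT_AS, mem_bytes)
    return pre_exec


def run_guarded(argv, timeout_s=60, cpu_seconds=60, mem_bytes=None):
    """Run argv under limits and return an outcome record for alerting.

    status: "ok", "error" (non-zero exit), "crash" (fatal signal),
    "killed" (other signal, e.g. the CPU cap), or "timeout".
    """
    try:
        proc = subprocess.run(argv, capture_output=True, timeout=timeout_s,
                              preexec_fn=_limits(cpu_seconds, mem_bytes))
    except subprocess.TimeoutExpired:
        return {"status": "timeout", "alert": True, "signal": None,
                "returncode": None}
    rc = proc.returncode
    if rc < 0:  # terminated by a signal; subprocess reports -signum
        sig = signal.Signals(-rc)
        crashed = sig in CRASH_SIGNALS
        return {"status": "crash" if crashed else "killed", "alert": True,
                "signal": sig.name, "returncode": rc}
    return {"status": "ok" if rc == 0 else "error", "alert": False,
            "signal": None, "returncode": rc}


def run_ffmpeg_guarded(input_path, filtergraph, **limits):
    """Illustrative ffmpeg invocation (filtergraph supplied by the caller)."""
    argv = ["ffmpeg", "-nostdin", "-v", "error", "-i", input_path,
            "-vf", filtergraph, "-f", "null", "-"]
    return run_guarded(argv, **limits)


# Self-tests that need no ffmpeg: an aborting child stands in for a worker
# dying on a double free; a clean exit stands in for a successful run.
def simulate_crash():
    return run_guarded([sys.executable, "-c", "import os; os.abort()"],
                       timeout_s=30, cpu_seconds=30)


def simulate_ok():
    return run_guarded([sys.executable, "-c", "raise SystemExit(0)"],
                       timeout_s=30, cpu_seconds=30)


if __name__ == "__main__":
    print("TensorFlow backend in sample build:",
          tensorflow_backend_enabled(SAMPLE_BUILDCONF))
    for name, result in (("crash", simulate_crash()), ("ok", simulate_ok())):
        if result["alert"]:
            print(f"ALERT [{name}]: worker {result['status']} "
                  f"signal={result['signal']}")
        else:
            print(f"{name}: {result['status']}")
```

Any record with `alert` set should be forwarded to the pipeline's monitoring: a burst of `crash` records with `SIGSEGV` or `SIGABRT` from the same upload source is the signal the advisory's step 5 asks you to watch for, while `timeout` and `killed` indicate the limits doing their job.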

Classification

Compliance Impact

This CVE is relevant to:

EU AI Act
  Art. 9 - Risk Management System
  Art. 15 - Accuracy, robustness and cybersecurity of high-risk AI systems
ISO 42001
  A.6.2.6 - AI System Availability and Resilience
  A.9.3 - AI system performance and robustness
NIST AI RMF
  GOVERN 6.1 - Third-party AI risks are managed
  MANAGE 2.4 - Residual risks are addressed and treated
  RMF-MANAGE-2.4 - Residual risks and system reliability
  RMF-MAP-5.1 - Likelihood and magnitude of impacts from AI risks
OWASP LLM Top 10
  LLM05:2025 - Insecure Plugin Design / Supply Chain Vulnerabilities

Technical Details

NVD Description

A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execution under normal conditions.

Exploitation Scenario

An adversary targeting an AI-powered media analysis service (e.g., automated video moderation, content classification) uploads a specially crafted media file designed to trigger error-handling paths in FFmpeg's TensorFlow DNN backend. When the pipeline calls dnn_execute_model_tf() to run inference on the file, the double-free is triggered, crashing the FFmpeg worker process. In a poorly isolated architecture, this crash propagates to the inference service, causing repeated DoS against the AI pipeline. An adversary can automate this by bulk-uploading malicious files, causing sustained service disruption with minimal effort and no elevated privileges.

Weaknesses (CWE)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Timeline

Published
February 18, 2026
Last Modified
February 26, 2026
First Seen
February 18, 2026